iPhones and iPads Approved for NATO Classified Data

Apple announcement:

…iPhone and iPad are the first and only consumer devices in compliance with the information assurance requirements of NATO nations. This enables iPhone and iPad to be used with classified information up to the NATO restricted level without requiring special software or settings—a level of government certification no other consumer mobile device has met.

This is out of the box, no modifications required.

Boing Boing post.

Posted on March 12, 2026 at 3:59 PM • 11 Comments

Comments

Privacy March 12, 2026 7:07 PM

Huh? Really? Seems like saying Donald Trump is the Pope.
Even if a phone is secure, aren’t most of the apps running in a phone massive data leakers?

lurker March 12, 2026 8:23 PM

@Privacy
re apps leaking data

In Apple’s walled garden it’s likely data can’t leak beyond Cupertino. With a ‘droid phone the data could be going to Elbonia or anywhere.

@ALL
Bongboing said “it’s widely accepted … that China has backdoors into … smartphone handsets … allowing eavesdropping on individuals and data theft.” I can report I’ve never had a Huawei phone:
feed me unwanted ads;
turn background data back on after I turned it off;
add apps to the “start at boot” list without my intervention.
which some other Android phones have done. Presumably Apple devices don’t have this bad behaviour.

Clive Robinson March 13, 2026 12:59 AM

@ StephenM,

With regards,

“Would “restricted” be the lowest level?”

Congratulations, you are the first person to ask the right question…

There are four basic classifications used, but they really are not about “security threats” until they get to the top which is generally “secret”[1]

Anything below is generally one of two things,

1, Ass covering (endemic).
2, Give prosecutorial leverage.

In the UK for instance the script for your medications we call “a prescription” is classified as “Confidential” for reasons of “celebrity status” and the MSM who look for “if it bleeds it leads” or more favourite to build people up then tear them down.

The result is that the UK “National Health Service”(NHS) network –brought in by the idiot Tony Blair to enrich himself through others–, called by most as “NHSnet” is required to run in encrypted form using a GCHQ designed algorithm “rambutan” and modes that are all classified as “Secret” (even though much of it is public knowledge).

I once had to be compliant with such nonsense as do all UK central and local government employees, those who handle “financial data”, those who handle “medical data”, and those who handle personal data.

Put simply this has created problems… Which is why just for “5h1ts & G1ggl3s” it was decided by politicians that the “Information Commissioner’s Office”(ICO) should use an entirely different set of document classifications…

[1] Technically “secret” is the top classification, but the reality is that whilst you may have a security clearance to that level, you are not entitled to just see any “secret” document…

You might have heard the silly expression of “You have not been read in” where it came from I’ve no idea but it sounds great for “entertainment purposes”. In some places documents that are classified horizontally as “secret” are also siloed vertically by what are supposed to be “randomly selected” words as a pair or triple. There is an infamous Scott Adams’ Dilbert cartoon where “Catbert” explains this “random word selection” as being words from a list of “science and nature, terms and names” and that the classified project is now called “Uranus Hertz”.

nobody March 13, 2026 4:20 AM

@lurker


“In Apple’s walled garden it’s likely data can’t leak beyond Cupertino. With a ‘droid phone the data could be going to Elbonia or anywhere.”

You somehow imply that Apple is more secure than Android. Both are insecure. But if I need to choose, I will choose the one that is less overpriced and the source code is open source (to an extent).

Clive Robinson March 13, 2026 5:32 AM

@ Bruce,

On further thinking about @StephenM’s question above, it becomes clear that people do not know about

1, Classified Documents
2, Sensitive Information

In the broad and specific and why there are different rules for them.

As a general rule of thumb,

1, A classified document is a whole traditionally formatted and printed on paper “tangible physical object” that contains one or more pieces of sensitive information in a context.

2, Sensitive information can be just a number or word or inferred meaning in a context that is an “intangible information object” that can be a part or whole of a document.

Because information is not a physical object it is something that is impressed or used to modulate matter or energy used to store, communicate or process the information.

3, So Sensitive information is not constrained to document or parts of documents, it applies to any kind of system or method as part of a system used for,

3.a, storage or retrieval
3.b, communications
3.c, processing.

Of the information.

To be sensitive the information only need be capable or potentially capable of a harm to any entity, that is “Any Person legal or natural” “individually or collectively”.

That is the individual entity, their family/collective, those they work for/with, those they associate with individually or collectively right through all levels to the notion of a nation state.

Harms are usually expressed as either “discriminatory” or that which causes “measurable or estimable harm in financial, psychological or physical harms.

In much law the harm has to pass some or all four tests,

1, The potential for harm exists.
2, The effect and magnitude of the harm can be demonstrated / accounted for.
3, The entity suffering the harm.
4, The entity or entities causing the harm.

To mount a defence the entity or entities have to demonstrate that there either was no harm, or that the harm was necessary for societal good, or the harm was made in a protected space such as a court, or tribunal that is privileged in the legal/professional sense.

Now in the UK recent successive governments are trying to rewrite this, because they want to put data into third party often “arms length” systems to in theory reduce costs, but in practice make surveillance on citizens easier and not subject to challenge or constraint by courts such as the “European Court of Human Rights”(ECHR) which contrary to what they want people to think, has nothing what so ever to do with the political entity of the “European Union”(EU).

Another reason I say,

“Paper Paper Never Data”

Is that just one piece of “sensitive information” can make a whole document classified for reasons that make some people’s minds spin.

It is to do with “de-anonymization” or “un-redaction” and something the late Prof Ross J. Anderson had great concerns about and thus frequently testified about.

Just a piece of information on its own rarely constitutes a harm, it needs to be linked to an individual or entity.

So a bank or credit card statement clearly identifies an individual.

The information that an online service for “gay dating” costs $12.34 / month is just information that is publicly available.

A charge/payment on a statement for $12.34 can directly indicate membership if it says “G-Day Play-Away” or the number of services that charge that fee/month is very very limited.

So the context becomes sufficiently clear and the potential harm exists. Thus all that has to be shown is that seeking this information is for the purpose of committing a harm such as discrimination of some form.

R.Cake March 13, 2026 6:38 AM

@nobody
“You somehow imply that Apple is more secure than Android. Both are insecure.”

You are missing one point that may have made the difference here, and that is the hardware platform.
Android runs on a fairly wide scope of handsets, with wildly different HW architectures. Some use embedded secure elements, others do not. Also the type of SIM (which hardly qualifies as secure element) varies a lot within all Android phones.
Apple phones all come from the same R&D department, and have a consistent HW architecture. Of course also not all are exactly the same, but you can expect a much lower spread, especially in terms of HW security functionality.
Also, the OS integration with the HW can be expected to be an order of magnitude better than for the average Android phone (note: for some Android brands it is surely on par with Apple, but certainly not for all)

nobody March 13, 2026 6:54 AM

@R.Cake

We can discuss until the end of time who has the best hardware and as long as you don’t know what the OS is doing no amount of hardware will save you.
In a perfect world we would have a phone with 100% open source hardware and software. In the mean time, if I need to choose, I will take the one that at least has some of the OS code open sourced.

wiredog March 13, 2026 9:17 AM

NATO restricted is approximately equal to the US CUI (Controlled Unclassified Information) which is, yes, the lowest level of classification. IIRC, it used to be “SBU” (Sensitive But Unclassified) and, in general, means “Just be careful who you share this with, especially from work computers”. HIPAA data (medical) has much higher restrictions, which is why a lot of government contractors hire people with Secret or Top Secret clearances to work on HIPAA systems.

Gary Stoneburner March 13, 2026 3:18 PM

The Apple announcement is either disingenuous or incredibly uninformed where in the title it says “approved to handle classified” but in the body says “up to the NATO restricted level” which is unclassified.

Approved to process restricted is approved for sensitive but unclassified (like CUI) which is very much NOT approved to handle classified!!

Clive Robinson March 15, 2026 6:04 AM

@ Bruce, ALL,

Further to my above that discusses “documents objects v information objects” in regards to security classifications. And my general cry of

‘Another reason I say,

“Paper Paper Never Data”’

That implicitly encodes more than just information but structures in both context and presentation.

There is another “mix them together” that is related, which is to do with informal structured commentary / explanation in documents and formal structured algorithms.

It appeared back in 1968 and was quickly adopted by pragmatists rather than purists and is still with us way more than an average lifetime of endeavor later.

In another odd case of odd synchronicity shortly after my above post to this thread, I was pointed to a paper of high relevance to the subject and your interest in AI systems as analysis / communications tools.

It is,

Towards a Generalization of Knuth’s Pseudocode Architecture From Algorithms to Knowledge

In 1968, Knuth demonstrated that formal structure combined with natural language content communicates algorithms better than either alone. This architecture pseudocode became the dominant notation for algorithm exposition. The insight remained implicit. Knowledge representation remains divided: formal systems that lose meaning, or natural language that loses structure. We establish that a generalization of Knuth’s architecture to knowledge is both necessary and now possible. The generalization was blocked by a missing condition: no reader existed capable of holding richer formal systems alongside multilingual natural language. AI systems (c.2024) satisfy this condition. The generalization opens a class of possible notations. We reference Lingenic as one example of this class.

https://www.researchgate.net/publication/401189185_Towards_a_Generalization_of_Knuth's_Pseudocode_Architecture_From_Algorithms_to_Knowledge

Which has a button to the downloadable PDF of the paper with a nightmare of a link of,

‘https://www.researchgate.net/profile/Danslav-Slavenskoj/publication/401189185_Towards_a_Generalization_of_Knuth’s_Pseudocode_Architecture_From_Algorithms_to_Knowledge/links/699eaffb5d60ab483571412e/Towards-a-Generalization-of-Knuths-Pseudocode-Architecture-From-Algorithms-to-Knowledge.pdf

(I’ve removed the massive terminating string of probable user “identifying information” that was just scary in length/entropy sufficient to encode even down to the contents of a user’s colon in great detail… But that still leaves two others sufficient to hold other identifying biometrics etc ={ ).
